
Help a newbie to set up his gateway



Hello,
I'm trying to set up a home LAN so that several computers can access the
Internet through one computer. For the moment the network is very simple.
I've got:
* The gateway (192.168.0.1) running Woody (kernel 2.2.19 with reiserfs
patch) with an eth0 card connected to the DSL modem and an eth1 card connected
to a local switchbox.
* A client (192.168.0.2) running Mandrake 8.0

I've recompiled the kernel with all the options found in the IP-Masquerading
Howto and installed the new kernel.
I've installed (apt-get install) the ipmasq package.
I've created a new /etc/masq/rules/Z92timeouts.rul according to
http://qref.sourceforge.net/quick/ch-gateway.html

From the client I can ping the outside world, I can open an ssh session on a
distant server, but I can't open a web site in a browser or fetch my e-mail
on my ISP POP server, things that I can do from the gateway computer.
I don't have a clue why it is not working...

On my gateway
ipchains -L gives
Chain input (policy DENY):
target     prot opt     source                destination           ports
ACCEPT     all  ------  anywhere             anywhere              n/a
DENY       all  ----l-  127.0.0.0/8          anywhere              n/a
ACCEPT     all  ------  anywhere             255.255.255.255       n/a
ACCEPT     all  ------  localnet/24          anywhere              n/a
ACCEPT    !tcp  ------  anywhere             BASE-ADDRESS.MCAST.NET/4  any ->   any
DENY       all  ----l-  localnet/24          anywhere              n/a
ACCEPT     all  ------  anywhere             255.255.255.255       n/a
ACCEPT     all  ------  anywhere             aboukir-101-1-8-mvdlugt.adsl.nerim.net  n/a
DENY       all  ----l-  anywhere             anywhere              n/a
Chain forward (policy DENY):
target     prot opt     source                destination           ports
MASQ       all  ------  localnet/24          anywhere              n/a
DENY       all  ----l-  anywhere             anywhere              n/a
Chain output (policy DENY):
target     prot opt     source                destination           ports
ACCEPT     all  ------  anywhere             anywhere              n/a
ACCEPT     all  ------  anywhere             localnet/24           n/a
ACCEPT    !tcp  ------  anywhere             BASE-ADDRESS.MCAST.NET/4  any ->   any
DENY       all  ----l-  anywhere             localnet/24           n/a
ACCEPT     all  ------  aboukir-101-1-8-mvdlugt.adsl.nerim.net anywhere  n/a
DENY       all  ----l-  anywhere             anywhere              n/a

ipmasq -v gives
#: Interfaces found:
#:   ppp0 62.212.96.246/255.255.255.255
#:   eth1 192.168.0.1/255.255.255.0
echo "0" > /proc/sys/net/ipv4/ip_forward
echo "0" > /proc/sys/net/ipv4/ip_always_defrag
/sbin/ipchains -P input DENY
/sbin/ipchains -P output DENY
/sbin/ipchains --no-warnings -P forward DENY
/sbin/ipchains -F input
/sbin/ipchains -F output
/sbin/ipchains --no-warnings -F forward
/sbin/ipchains -A input -j ACCEPT -i lo
/sbin/ipchains -A input -j DENY -i ! lo -s 127.0.0.1/255.0.0.0 -l
/sbin/ipchains -A input -j ACCEPT -i eth1 -d 255.255.255.255/32
/sbin/ipchains -A input -j ACCEPT -i eth1 -s 192.168.0.1/255.255.255.0
/sbin/ipchains -A input -j ACCEPT -i eth1 -d 224.0.0.0/4 -p ! tcp
/sbin/ipchains -A input -j DENY -i ppp0 -s 192.168.0.1/255.255.255.0 -l
/sbin/ipchains -A input -j ACCEPT -i ppp0 -d 255.255.255.255/32
/sbin/ipchains -A input -j ACCEPT -i ppp0 -d 62.212.96.246/32
/sbin/ipchains --no-warnings -A forward -j MASQ -i ppp0 -s 192.168.0.1/255.255.255.0
/sbin/ipchains -A output -j ACCEPT -i lo
/sbin/ipchains -A output -j ACCEPT -i eth1 -d 192.168.0.1/255.255.255.0
/sbin/ipchains -A output -j ACCEPT -i eth1 -d 224.0.0.0/4 -p ! tcp
/sbin/ipchains -A output -j DENY -i ppp0 -d 192.168.0.1/255.255.255.0 -l
/sbin/ipchains -A output -j ACCEPT -i ppp0 -s 62.212.96.246/32
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_always_defrag
/sbin/ipchains -M -S 86400 600 600
/sbin/ipchains -A input -j DENY -s 0.0.0.0/0 -d 0.0.0.0/0 -l
/sbin/ipchains -A output -j DENY -s 0.0.0.0/0 -d 0.0.0.0/0 -l
/sbin/ipchains -A forward -j DENY -s 0.0.0.0/0 -d 0.0.0.0/0 -l

and ipmasq -g gives
#: /etc/ipmasq/rules/A00path.def
#: /etc/ipmasq/rules/A00sanitycheck.def
#: /etc/ipmasq/rules/A01interfaces.def
#: /etc/ipmasq/rules/A01precompute.def
#: /etc/ipmasq/rules/A02masqmethod.def
#: /etc/ipmasq/rules/A02unkernelforward.def
#: /etc/ipmasq/rules/A03flush.def
#: /etc/ipmasq/rules/A04functions.def
#: /etc/ipmasq/rules/F30internal.def
#: /etc/ipmasq/rules/I10lo.def
#: /etc/ipmasq/rules/I15lospoof.def
#: /etc/ipmasq/rules/I30intbcast.def
#: /etc/ipmasq/rules/I30internal.def
#: /etc/ipmasq/rules/I32intmcast.def
#: /etc/ipmasq/rules/I70masq.def
#: /etc/ipmasq/rules/I90extbcast.def
#: /etc/ipmasq/rules/I90external.def
#: /etc/ipmasq/rules/M70masq.def
#: /etc/ipmasq/rules/O10lo.def
#: /etc/ipmasq/rules/O30internal.def
#: /etc/ipmasq/rules/O32intmcast.def
#: /etc/ipmasq/rules/O70masq.def
#: /etc/ipmasq/rules/O90external.def
#: /etc/ipmasq/rules/Z90kernelforward.def
#: /etc/ipmasq/rules/Z92timeouts.rul
#: /etc/ipmasq/rules/Z99ipmasqrules.def
#: /etc/ipmasq/rules/ZZZdenyandlog.def

If somebody more knowledgeable than me could help pinpoint the problem or
give me some pointers, I would be very grateful.
Merry Christmas to all,
Charles
-------------------
Charles de Miramon
Centre de Recherches Historiques
Laboratoire EHESS - CNRS
54, bd Raspail
75270 Paris Cedex 06
miramon@ehess.fr
http://www.ehess.fr/gahom/Miramonbiblio.htm
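
A first-match trace of the ruleset printed by `ipmasq -v` above, as an added example that is not part of the original post: it replays a packet through one chain at a time and reports which rule decides it. The destination 203.0.113.80 is a constructed documentation address, and the traversal model is an assumption (the forward chain is matched on the outgoing interface, and the output chain sees the already masqueraded source address).

```python
import ipaddress
import shlex

# The "-A" lines of the `ipmasq -v` output from the post, in posted order.
RULES = """\
/sbin/ipchains -A input -j ACCEPT -i lo
/sbin/ipchains -A input -j DENY -i ! lo -s 127.0.0.1/255.0.0.0 -l
/sbin/ipchains -A input -j ACCEPT -i eth1 -d 255.255.255.255/32
/sbin/ipchains -A input -j ACCEPT -i eth1 -s 192.168.0.1/255.255.255.0
/sbin/ipchains -A input -j ACCEPT -i eth1 -d 224.0.0.0/4 -p ! tcp
/sbin/ipchains -A input -j DENY -i ppp0 -s 192.168.0.1/255.255.255.0 -l
/sbin/ipchains -A input -j ACCEPT -i ppp0 -d 255.255.255.255/32
/sbin/ipchains -A input -j ACCEPT -i ppp0 -d 62.212.96.246/32
/sbin/ipchains --no-warnings -A forward -j MASQ -i ppp0 -s 192.168.0.1/255.255.255.0
/sbin/ipchains -A output -j ACCEPT -i lo
/sbin/ipchains -A output -j ACCEPT -i eth1 -d 192.168.0.1/255.255.255.0
/sbin/ipchains -A output -j ACCEPT -i eth1 -d 224.0.0.0/4 -p ! tcp
/sbin/ipchains -A output -j DENY -i ppp0 -d 192.168.0.1/255.255.255.0 -l
/sbin/ipchains -A output -j ACCEPT -i ppp0 -s 62.212.96.246/32
/sbin/ipchains -A input -j DENY -s 0.0.0.0/0 -d 0.0.0.0/0 -l
/sbin/ipchains -A output -j DENY -s 0.0.0.0/0 -d 0.0.0.0/0 -l
/sbin/ipchains -A forward -j DENY -s 0.0.0.0/0 -d 0.0.0.0/0 -l
"""

def parse(text):
    """Return each rule as {option: (negated, value)}; valueless flags are dropped."""
    rules = []
    for line in text.splitlines():
        tok = [t for t in shlex.split(line)[1:] if t not in ("-l", "--no-warnings")]
        rule, i = {}, 0
        while i < len(tok):
            neg = tok[i + 1] == "!"          # "-i ! lo" style negation
            rule[tok[i]] = (neg, tok[i + 1 + neg])
            i += 2 + neg
        rules.append(rule)
    return rules

def verdict(chain, iface, src, dst, proto="tcp"):
    """First matching rule decides; returns (target, rule number in chain)."""
    pkt = {"-i": iface, "-p": proto}
    addr = {"-s": ipaddress.ip_address(src), "-d": ipaddress.ip_address(dst)}
    chain_rules = [r for r in parse(RULES) if r["-A"][1] == chain]
    for n, rule in enumerate(chain_rules, 1):
        ok = all((pkt[o] == v) != neg for o, (neg, v) in rule.items() if o in pkt)
        ok = ok and all((addr[o] in ipaddress.ip_network(v, strict=False)) != neg
                        for o, (neg, v) in rule.items() if o in addr)
        if ok:
            return rule["-j"][1], n
    return "DENY", 0   # chain policy, set by the posted `-P ... DENY` lines
```

None of the posted rules match on a port, so a call such as `verdict("forward", "ppp0", "192.168.0.2", "203.0.113.80")` gives the same answer for an ssh, HTTP or POP connection.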


